HTTP

HTTP
source
Name	HTTP
Full name	Hypertext Transfer Protocol
Developed by	Tim Berners-Lee; World Wide Web Consortium; Internet Engineering Task Force
Initial release	1991
Stable release	RFC 7230–7235 series (2014); HTTP/2 (2015); HTTP/3 (QUIC) (2022)
Written in	TCP/IP suite; QUIC (IETF)
Platform	World Wide Web; Hypertext Transfer Protocol family

HTTP HTTP is an application-layer protocol originally designed to enable distributed, collaborative, hypermedia information systems on the World Wide Web. It defines message semantics, request methods, response status codes, header fields and connection management between user agents such as Netscape Navigator, Mozilla Firefox, Google Chrome and servers like Apache HTTP Server, Nginx, Microsoft Internet Information Services. HTTP underpins interactions among clients, proxies, caches and origin servers used across infrastructures including the Internet Engineering Task Force standards, the World Wide Web Consortium recommendations and implementations by companies such as Google, Microsoft, Cloudflare.

Overview

HTTP operates as a stateless, request–response protocol within the Internet protocol suite where clients initiate connections to servers which return representations of resources identified by Uniform Resource Identifiers managed by registries and governance bodies like IANA and influenced by standards bodies such as the IETF. Core components include message syntax and semantics, connection persistence, content negotiation, caching directives, and authentication schemes deployed by platforms including Amazon Web Services, Heroku, and GitHub. Implementations interact with security layers like Transport Layer Security and transport mechanisms like Transmission Control Protocol or QUIC.

History and Development

HTTP's origins trace to proposals and implementations connected to Tim Berners-Lee at CERN and early browsers such as Mosaic; subsequent standardization was driven by working groups within the IETF and the W3C. Key milestones include formalization in RFC documents, evolution to persistent connections in implementations like Apache HTTP Server, the introduction of pipelining and multiplexing in HTTP/2 promoted by Google, and migration to QUIC-driven HTTP/3 coordinated by IETF working groups with contributions from Cloudflare and Mozilla Foundation. Projects and events shaping adoption include the rise of content delivery networks like Akamai Technologies and web acceleration research from Yahoo! and Facebook.

Protocol Architecture and Components

The protocol architecture maps to the application layer of the Internet protocol suite and interacts with transport protocols such as TCP and QUIC; middleware components include reverse proxies (e.g., Nginx), forward proxies (e.g., Squid (software)), and load balancers from vendors like F5 Networks. Core components comprise requests and responses, header fields defined in RFCs, status codes, content negotiation using media types maintained by IANA, and entity tags used by caching systems employed by Fastly and Cloudflare. The architecture enables intermediaries, caching layers, and authentication managers integrated with identity providers like OAuth ecosystems and enterprise directories from Microsoft.

Request Methods and Status Codes

Standard request methods include GET, POST, PUT, DELETE, PATCH and HEAD as codified in RFCs and implemented by clients such as curl, libraries like libcurl and frameworks including Express (web framework), Django (web framework), and ASP.NET Core. Responses use status codes grouped by class: 1xx (informational), 2xx (successful), 3xx (redirection), 4xx (client error), 5xx (server error); notable examples appear in data from projects like Google Search Console and analytics services such as New Relic. Servers and CDNs use status semantics together with caching and retry logic influenced by standards from the IETF and operational guidance from companies like GitHub.

Security and HTTPS

Secure transports use TLS negotiated via certificate authorities including Let's Encrypt, VeriSign, and organizational PKI providers; the secure variant is widely deployed by browsers including Safari and Microsoft Edge and enforced by initiatives like Google's HTTPS-First policies. Threat models addressed by the community include man-in-the-middle attacks documented in advisories from CERT Coordination Center and mitigations in protocols standardized by the IETF and implemented by vendors such as OpenSSL and BoringSSL. Security extensions include HSTS adopted via guidance from Mozilla Foundation, mixed-content mitigations promoted by W3C, and application-layer protections integrated into platforms like Cloudflare and AWS Web Application Firewall.

Performance and Optimization

Performance improvements have arisen from protocol enhancements (HTTP/2 multiplexing, HTTP/3 over QUIC) championed by Google and standardized by the IETF, edge caching strategies by Akamai Technologies and Fastly, and front-end optimizations promoted by web performance advocates like Yahoo!'s Best Practices and firms including Google's Lighthouse. Techniques include connection reuse, header compression (HPACK, QPACK), resource bundling in frameworks such as React (JavaScript library) and Angular (web framework), and deployment of CDNs operated by Cloudflare and Akamai Technologies to reduce latency for services like Netflix and Spotify.

Implementations and Uses

Widely used server implementations include Apache HTTP Server, Nginx, Lighttpd and proprietary servers from Microsoft; client implementations span browsers like Google Chrome, Mozilla Firefox, Microsoft Edge and libraries such as libcurl and Requests (software). HTTP supports APIs and architectures including RESTful services, GraphQL deployments by companies like Facebook, microservices patterns used by Netflix and Uber, and web application stacks including LAMP and MEAN. HTTP also underlies protocols and services such as WebRTC signaling, WebSocket upgrades, and IoT gateways from vendors like Cisco Systems and Amazon.

Category:Internet protocols